Multiport card

ABSTRACT

This invention concerns a conventional smart card comprising a rosette of eight contacts of the ISO 7816 type and at least one standard bi-directional channel, through which the exchange of data at a speed of about 500 Kbits/sec is possible. To allow the use of such a card in an environment that needs a processing of information of several Mb we propose to add on this card a high-speed series channel linked to non used connections by the standard bi-directional channel and to format a second bus (HSD) on which are linked several coding/decoding modules and multiplexing module (MUX). These modules are also linked to the conventional bus of the card.

FIELD OF THE INVENTION

This invention concerns the field of smart cards.

BACKGROUND OF THE INVENTION

These cards are presented in the form of a compact module comprising a great number of electronic elements such as memories, microprocessors, modem. As technology progresses rapidly, performances reserved yesterday for big systems are from now on available in smart cards.

The standard ISO 7816 defines the interfacing of such a card, which is carried out by means of a rosette of 8 contacts whose functions are defined by the standard.

The idea of such a card has been dictated by the need to have portable data supports that offer great security as to the protection of these data. Apart from their structures, they are used for storage and processing applications that need few inputs-outputs. In fact, according to standard ISO 7816, only one connection is used for this function, in a bi-directional half-duplex mode.

In this way, the evolution of these cards is limited by this structure limiting their use to control applications while the fast data processing is carried out in other units.

This is particularly the case in pay television, where the signals are coded by a key that varies with the time. In the flow of audio-video data arriving at the decoder are added management messages (EMM) that contain the keys in encrypted forms. When such a message is recognised it is directed to the smart card serving as security module.

In this embodiment, the smart card contains the different keys that allow it to decrypt these messages and to verify if the subscriber has enough rights to view these data. If it is so, the card sends back information allowing the decoder to decode the coded data.

This method has several drawbacks. The first one is that it must supply the keys in clear to a decoder that is not considered as a secure element. This is also the reason why the keys are changed at regular intervals, typically every second. Although this structure is satisfactory in many respects it has a real problem in other applications, for example in the case of data storage. In this type of application, the notion of duration of the validity of a key disappears and is associated to the coded data, a key that only the smart card can decode.

It is well understood that the fact of supplying the key to the decoder, a computer in this example, implies a risk that said key be intercepted by a third person and disclosed without control.

In order to solve this problem, a possible solution is to decode the data directly in the smart card. In this way the coding key does not exit the card, because this key is used directly inside the card to process the coded data.

This type of use rapidly comes up against the physical constraints of the card ISO 7816 whose port I/O has a transfer rate of about 10 to 100 Kbits/sec.

The same type of problem arises when using a non-contact card of the type ISO 14443, the transfer rates being about 106 to 425 Kbits/sec.

Any structural modification of the card is confronted with a problem of compatibility with the readers ISO 7816 and ISO 14443 that will not understand this new specification.

SUMMARY OF THE INVENTION

The aim of the invention is to have a smart card that respects the compatibility with the existing readers and that proposes other services, particularly the possibility of decoding the coded data inside the card at the speed required by the data rate.

This aim is achieved by a smart card comprising a rosette of eight contacts ISO 7816 and at least one standard bi-directional channel, characterised in that it comprises a high speed channel linked to non used connections.

By non used connections we mean connections that do not have particular functions by the standard or connections that are no longer used in the present generations of cards.

In this category we find, as is well understood, the two connections RFU (Reserved for Future Use) as well as the connection Vpp that allowed non volatile memories to be supplied with a voltage higher than 5V (normally from 12V to 21V). With the coming of new technologies of non volatile memories such as NVRAM, EEPROM or FLASH, this voltage is generated by the card itself, and this connection is no longer used nowadays.

Thanks to the use of these supplementary lines it is possible to define a protocol that is different to those used in the standard ISO 7816 and thus opens the field to other applications.

The availability of three connections allows a high speed link thanks to a clock line (CLK), an input line (IN), and an output line (OUT). It is possible to use together the different access channels of the card, for example by the standard channel functioning bidirectionally by an I/O line. This high speed channel adds functions to those already existing, for example a high speed coding-decoding module.

The use of this high speed channel has consequences on the architecture of the card. From now on it is possible to propose a decoding (or coding) module that is totally carried out inside the card. For this purpose the data arriving through the fast channel are directed towards a specialized decoding module. In fact, these data do not necessarily have to travel through the microprocessor; they can go directly to the specialized decoding module by an internal fast bus.

To this end, the smart card according to the invention comprises multiplexing means that allow a direct access between the fast channel and one or several specialized modules. These means also allow the fast channel stream to be directed towards the microprocessor if necessary. If certain microprocessors cannot process data at speeds of several Mb/s, other more developed versions make this processing possible and can substitute certain specialized modules. Thus, the microprocessor, by software (programmable), will be able to substitute for the specialized modules that carry out mathematical operations thanks to electronic circuits (non programmable).

According to the invention, the multiplexing means allow several specialized modules to be serialized. The card according to the invention can comprise a first data compression module whose output is directed towards a coding module.

During the processing of data by way of the fast channel the other communication means remain available, particularly the I/O link described in the standard ISO 7816 or the non contact link of the type ISO 14443. It is thus possible to transfer the control information by these means, said information being used for the transmission of management information of the card, such as for example the parameters of the decoding modules or the rights attached to these parameters.

According to the invention, the multiplexing means comprise extraction and injection means in order to separate certain types of data from the data stream. A digital data stream for pay television comprises useful data such as audio or video and control data. When this flow is directed to the fast channel it is necessary to extract the control data that contain the information on the decoding keys as well as various management information.

This extraction and injection module is customized by the microprocessor and when a message corresponds to the recognition criteria, this message is directed towards the microprocessor.

The data processed by such a card are generally organised in blocks. Each block begins with a block identifier that describes the type of information contained in said block.

In the reverse function, that is the coding of data, this module can insert control data in the stream arriving from the fast bus. These control data are generated by the central unit for example to qualify the data flow, transmit the control words in coded form, or transmit routing information. To this respect, this module comprises a buffer memory that receives the blocks of data coming from the fast bus and the blocks of data coming from the central unit. If the buffer memory contains a block of control data, it is inserted in the stream at the end of a block of data coming from the fast bus. This flow is then transmitted towards the shaping module to be directed towards the fast output port.

Thanks to this structure it is possible to process all the stream inside the smart card, in this way greatly increasing the security of the data. It is also possible to create a complete stream of coded or decoded data inside the card including the management information such as the control words.
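The extraction and injection behaviour described above, as an added Python model that is not part of the patent text. The framing (1-byte block identifier followed by a 2-byte length), the identifier values and all class and function names are assumptions made for illustration, since the description only states that each block begins with an identifier.

```python
import struct
from collections import deque

# Assumed framing (the patent only says each block begins with an identifier):
# 1-byte block identifier, 2-byte big-endian payload length, then the payload.
HEADER = struct.Struct(">BH")
ID_AV = 0x01       # constructed identifier: audio/video data block
ID_CONTROL = 0x80  # constructed identifier: control/management block


def pack_block(block_id, payload):
    return HEADER.pack(block_id, len(payload)) + payload


def iter_blocks(stream):
    """Yield (block_id, payload); a truncated block is an error, never padded."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated block header")
        block_id, length = HEADER.unpack_from(stream, offset)
        offset += HEADER.size
        if len(stream) - offset < length:
            raise ValueError("declared length exceeds remaining stream")
        yield block_id, stream[offset:offset + length]
        offset += length


class ExtractInjectModule:
    """Software model of module FF sitting on the fast bus."""

    def __init__(self, match_ids):
        self.match_ids = set(match_ids)  # recognition criteria set by the CPU
        self.to_cpu = deque()            # extracted blocks handed to the CPU
        self.pending = deque()           # buffer memory for CPU control blocks

    def extract(self, stream):
        """Decoding direction: divert matching blocks, pass the rest through."""
        passthrough = bytearray()
        for block_id, payload in iter_blocks(stream):
            if block_id in self.match_ids:
                self.to_cpu.append((block_id, payload))  # interrupt point
            else:
                passthrough += pack_block(block_id, payload)
        return bytes(passthrough)

    def queue_control(self, block_id, payload):
        self.pending.append(pack_block(block_id, payload))

    def inject(self, stream):
        """Coding direction: insert a buffered control block at a block end."""
        out = bytearray()
        for block_id, payload in iter_blocks(stream):
            out += pack_block(block_id, payload)
            if self.pending:  # only ever inserted on a block boundary
                out += self.pending.popleft()
        return bytes(out)


# Constructed sample stream: two data blocks with one control block between.
SAMPLE = (pack_block(ID_AV, b"frame-1") + pack_block(ID_CONTROL, b"emm-1")
          + pack_block(ID_AV, b"frame-2"))

if __name__ == "__main__":
    ff = ExtractInjectModule({ID_CONTROL})
    print(ff.extract(SAMPLE), list(ff.to_cpu))
```

The model inserts one buffered control block per block boundary, which is one reading of the description; the length check in `iter_blocks` is what keeps a malformed stream from shifting the block boundaries the filter relies on.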

According to an embodiment, the fast channel follows the USB standards (Universal Serial Bus). The particularity of this interface is that the signals use two connections, one for the incoming data (IN) and the other for the outgoing data (OUT).

The smart card according to the invention comprises a protocol detection module that enables it to adapt itself to the USB protocol and that converts it into the internal protocol of the smart card, for example by regenerating the clock.

BRIEF DESCRIPTION OF THE DRAWING

The present invention will be better understood with the help of the annexed figure, taken as a non-limiting example, in which the single drawing represents the architecture of a smart card and its reader according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

In this figure are represented the two types of link known in the art, that is, the galvanic link (A) and the non contact link (B). Although the known cards normally only comprise one of these links, it is possible for compatibility reasons to produce such a card.

The I/O link is directed towards a UART (Universal Asynchronous Receiver Transmitter) which is coupled with a buffer memory (BUF). The signals arriving in the UART are formatted and filtered in order to eliminate the noises and other interferences. The buffer memory (BUF) is used to memorise the incoming data before they are processed by the microprocessor.

A similar processing is carried out by the non contact channel (B). The signals emitted by the reader are used at the same time to feed the card. This is why the aerial of the card (20) has a quadruple function, i.e. to transmit and receive the data between the card and the reader, to provide a clock for the microprocessor and to supply the card. The supply module (SPL) transforms the high-frequency carrier into a voltage that is usable by the card. Above this module is a shaping module of the modulated signal such as a modem.

The voltage thus obtained is transmitted to a supply management module PWRM in charge of the selection of the supply source, particularly when several sources are available. In the embodiment where the card is supplied galvanically by the reader, the supply management module (PWR) selects principally the galvanic current coming from the reader. This regulated voltage VP is then distributed to the elements of the card.

The information decoded by the UART is then accessible on the standard bus (STB) represented with a thick line on the figure. This bus links all the modules to one another, with the central unit (CPU) as management controller. For its memory needs, the card has a memory assembly (MEM) composed of a program memory (ROM or NVRAM), a working memory (RAM), and a save memory (NVRAM). These different memories can be managed by a memory manager (MM). This module also comprises the management of the access rights to the different memories.

The card according to one embodiment of the invention comprises a second fast bus (HSB) represented by a dotted line in the figure. This HSB bus can be of the parallel type or series and allows speeds of more Mb/s. The modules connected on this bus are also connected on the standard bus for the transmission of the initializations, the keys, and other customisations information. On the fast HSB bus are connected specialized coding-decoding modules according to the different supported protocols. In this way modules of the IDEA, DES, triple-DES, Hash or AES type are foreseen. Furthermore, other specialized modules such as compression or decompression modules can be added as needed.

A module using the FPLA technology (Field Programmable Logic Array) allows the operations of future coding algorithms to be programmed. The central unit CPU can configure this module to carry out the operations necessary for the coding of information or any other function. This type of module normally arranges the single function blocks (shifting register, XOR for example) which are connected as needed to carry out the chosen complex function.

An important aspect of the invention is represented by the elements that compose the fast channel. A first protocol detection module DP is in charge of the formatting of the signals and of recognising the used protocol. The signals are converted according to the internal protocol, for example on a synchronised bus series with three wires. This module is in charge of the adaptation to the standard defined for the external interfacing. The detection of the protocol is done automatically, for example depending on the presence or absence of a clock signal or the frequency of transmission that is used.

Once the signals are formatted according to a known protocol, the signals are directed towards the multiplexer MUX. This module sends the signals to the target module according to the needs. The central unit CPU can for example configure the multiplexer to send the signals of the fast channel towards the IDEA coding module. As the data flow through, the extraction and injection module FF analyzes them and extracts those that respond to the programmed criteria. When the recognition criteria are satisfied, an interruption is generated by the extraction and injection module FF, which informs the central unit CPU of the availability of these data.

The multiplexer MUX module can as well send the data towards the central unit CPU if the capacities of data flow processing are sufficient. It is equally possible to integrate in the MUX module a buffer memory to store the data temporarily before the target module can process them.

As is described above, the extraction and injection module FF functions in both directions and allows the control blocks to be inserted towards the fast channel.

It is known that this type of card does not have an internal clock generator, but that it is dependent on the clock signals coming from the reader. In our case, we have three possible clock sources, either the classic input CLK according to the standard ISO 7816, the C1 clock extracted from the non contact transmission, or the clock accompanying the fast bus C2. The clock management module CLKM manages these different sources and makes sure that the card receives the clock pulses. This module also comprises means for multiplying or dividing the frequency according to the needs. This module can produce several clock pulse signals according to the needs, for example a first frequency for the central unit CPU and a second frequency for the fast modules (DVD, PKC, IDEA . . . ).

The management of the different clock sources responds to criteria defined in terms of hierarchy. The order of priority is normally the source ISO 7816 (CLK), then the non contact source ISO 14463 (C1), and finally the fast channel source (C2).

This invention also concerns a card reader comprising means for communicating by a fast channel with the smart card.

This reader must be able to adapt to a great number of types of cards, particularly of different generations. The interface of the reader towards the computer is advantageously the USB port allowing fast transfers of data. The smart card might not support the protocol and require a three wired connection (IN, OUT, CLOCK). In this case, the reader comprises an interface that converts the signals responding to the standard USB into an acceptable protocol for the card. It must be noted that the identification of the type of card, and also of its communication capacities, is carried out by the traditional channels well defined in the standard. These channels can either be of the type ISO 7816 (galvanic) or of the type ISO 14443 (electromagnetic channel).

According to a particular embodiment of the reader, the extraction and injection module FF is located inside the reader. In this way, all the flow can arrive by the fast channel, for example, by the USB interface, and it is in this reader that the recognition of the management messages will be made. The latter will be sent by the traditional channel to the smart card.

What is claimed is:
 1. A smart card comprising: a plurality of contacts corresponding to a recognized standard; at least one standard bi-directional channel; a first bus linked to the at least one bi-directional channel; a processor linked to the first bus; a second channel linked to at least one contact of the plurality of contacts, the at least one contact being a contact that is not used by the bi-directional channel, the second channel being of higher speed than the bi-directional channel; a second bus linked to the second channel; a multiplexing module linked to the second bus; and a plurality of coding/decoding modules linked to the second bus via the multiplexing module.
 2. The smart card of claim 1, wherein the multiplexing module and the coding/decoding modules are also linked to the first bus.
 3. The smart card of claim 1, wherein the plurality of contacts are of an International Standards Organization (ISO) 7816 type.
 4. The smart card of claim 1, wherein the plurality of contacts comprise eight contacts arranged in a rosette configuration.
 5. The smart card of claim 1, wherein the bi-directional channel is linked to at least one contact of an ISO 7816 type.
 6. The smart card of claim 5, wherein the bi-directional channel is linked to at least one contact of an ISO 14443 type.
 7. The smart card of claim 1, wherein at least one of the coding/decoding modules is of an International Data Encryption Algorithm type.
 8. The smart card of claim 1, wherein at least one of the coding/decoding modules is of a Data Encryption Standard (DES) type.
 9. The smart card of claim 1, wherein at least one of the coding/decoding modules is of a triple-DES type.
 10. The smart card of claim 1, wherein at least one of the coding/decoding modules is of an AES (Advanced Encryption Standard) type.
 11. The smart card of claim 1, wherein at least one of the coding/decoding modules is of a hash type.
 12. The smart card of claim 1, wherein the multiplexing module is connected in a star configuration.
 13. The smart card of claim 12, wherein the star configuration allows at least two of the coding/decoding modules to be linked serially.
 14. The smart card of claim 1, further comprising an extraction and injection module connected to the second bus, the extraction and injection module being configured to extract data of a predefined type from a data stream on the second bus and transmit extracted data to the processor.
 15. The smart card of claim 14, wherein the extraction and injection module includes a control data input and a buffer memory that allows for the insertion of data into a data stream on the second bus.
 16. A smart card comprising: a plurality of contacts corresponding to a recognized standard; at least one standard bi-directional channel; a first bus linked to the at least one bi-directional channel; a processor linked to the first bus; a second channel linked to at least one contact of the plurality of contacts, the at least one contact being a contact that is not used by the bi-directional channel, the second channel being of higher speed than the bi-directional channel; a second bus linked to the second channel; at least one coding/decoding module connected to at least one of the first bus and the second bus; and an extraction and injection module connected to the second bus, the extraction and injection module being configured to extract data of a predefined type from a data stream on the second bus and transmit extracted data to the processor.
 17. The smart card of claim 16, wherein the extraction and injection module includes a control data input and a buffer memory that allows for the insertion of data into a data stream on the second bus.